svn commit: r322868 - head/etc/periodic/security
Alan Somers
asomers at FreeBSD.org
Fri Aug 25 00:28:58 UTC 2017
Author: asomers
Date: Fri Aug 25 00:28:56 2017
New Revision: 322868
URL: https://svnweb.freebsd.org/changeset/base/322868
Log:
Fix 100.chksetuid and 110.neggrpperm for mountpoints with spaces
Also, fix them for mountpoints with tabs.
PR: 48325
Reported by: pguyot at kallisys.net, aaron at baugher.biz
MFC after: 3 weeks
Modified:
head/etc/periodic/security/100.chksetuid
head/etc/periodic/security/110.neggrpperm
head/etc/periodic/security/security.functions
Modified: head/etc/periodic/security/100.chksetuid
==============================================================================
--- head/etc/periodic/security/100.chksetuid Fri Aug 25 00:11:29 2017 (r322867)
+++ head/etc/periodic/security/100.chksetuid Fri Aug 25 00:28:56 2017 (r322868)
@@ -45,7 +45,13 @@ if check_yesno_period security_status_chksetuid_enable
then
echo ""
echo 'Checking setuid files and devices:'
- MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
+ IFS=$'\n' # Don't split mount points with spaces or tabs
+ MP=`mount -t ufs,zfs | awk '
+ $0 !~ /no(suid|exec)/ {
+ sub(/^.* on \//, "/");
+ sub(/ \(.*\)/, "");
+ print $0
+ }'`
find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
\( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |
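Review bot: The awk block still tests `no(suid|exec)` against the whole `mount` line, and the two `sub()` calls key on the literal strings ` on /` and ` (`. A device or mount point whose name contains one of those strings is therefore either dropped from `MP` or truncated to a different path, and that filesystem is silently left out of the setuid audit. The identical block in 110.neggrpperm has the same gap. Limiting both patterns to the trailing option list would narrow this, e.g. `$0 !~ /\([^()]*no(suid|exec)[^()]*\)$/ {` and `sub(/ \([^()]*\)$/, "");`. The greedy `^.* on \/` match is harder to make exact from the human-readable output. Separately, `$MP` is still expanded unquoted on the `find` line, so glob characters in a mount point remain subject to pathname expansion.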
Modified: head/etc/periodic/security/110.neggrpperm
==============================================================================
--- head/etc/periodic/security/110.neggrpperm Fri Aug 25 00:11:29 2017 (r322867)
+++ head/etc/periodic/security/110.neggrpperm Fri Aug 25 00:28:56 2017 (r322868)
@@ -43,7 +43,13 @@ if check_yesno_period security_status_neggrpperm_enabl
then
echo ""
echo 'Checking negative group permissions:'
- MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
+ IFS=$'\n' # Don't split mount points with spaces or tabs
+ MP=`mount -t ufs,zfs | awk '
+ $0 !~ /no(suid|exec)/ {
+ sub(/^.* on \//, "/");
+ sub(/ \(.*\)/, "");
+ print $0
+ }'`
n=$(find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
\( \( ! -perm +010 -and -perm +001 \) -or \
\( ! -perm +020 -and -perm +002 \) -or \
Modified: head/etc/periodic/security/security.functions
==============================================================================
--- head/etc/periodic/security/security.functions Fri Aug 25 00:11:29 2017 (r322867)
+++ head/etc/periodic/security/security.functions Fri Aug 25 00:28:56 2017 (r322868)
@@ -48,6 +48,7 @@ rc=0
# LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files.
check_diff() {
+ unset IFS
rc=0
if [ "$1" = "new_only" ]; then
shift
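Review bot: The added `unset IFS` carries no comment, and nothing visible in security.functions says it exists to undo the `IFS=$'\n'` now set by 100.chksetuid and 110.neggrpperm. A later cleanup could remove it and change word splitting inside check_diff without any obvious cause. I would add a comment such as `unset IFS  # callers may set IFS to newline for mount-point lists; restore default splitting`. Since IFS is not restored in either caller's hunk, newline-only splitting presumably stays in effect for the rest of those scripts wherever check_diff is not on the path, so it is worth confirming that nothing later in them relies on default splitting. The body of check_diff continues past the end of this hunk.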